Choosing the CIDR Block for Datacoral's VPC

Datacoral recommends that you create a dedicated VPC for Datacoral services in order to provide isolation, auditing, and network access management. However, sometimes our services will need to communicate across different VPCs. In those cases, such as the two listed below, we recommend that you peer the VPCs instead of opening up your services to the internet.

  • When a customer is installing Datacoral in a new VPC, but they wish to use an existing Redshift cluster that is in an older VPC.
  • When a customer has installed Datacoral in its own VPC, and they would like Datacoral services to communicate with services/databases in a separate VPC.

To set up VPC peering, you need to make sure that the CIDR blocks do not overlap. From

The owner of the requester VPC sends a request to the owner of the accepter VPC to create the VPC peering connection.
The accepter VPC can be owned by you, or another AWS account, and
cannot have a CIDR block that overlaps with the requester VPC's CIDR block.

Once the CIDR block is set for a VPC, it cannot be changed, so it is really important to pick a CIDR block whose IP ranges do not overlap with the IP ranges of other VPCs to which you want to set up peering connections. For example, if you have a Heroku PostgreSQL instance that you wish to ingest data from into your Datacoral installation, you should check the instructions here to make sure you pick a CIDR block that does not overlap with the one used by Heroku PostgreSQL.

For more details on how to set up VPC peering, see here.

Requirements for Datacoral VPC CIDR Block:

  1. We recommend using a /18 block to allow for enough IP addresses for our compute services like AWS Lambda.
  2. Make sure to pick a CIDR block range that does not overlap with the VPCs with which you want to set up peering later.

Note: You cannot change this later on! You will have to recreate the entire Datacoral installation if you decide to change the CIDR Block.
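
One way to check both requirements before creating the VPC, as an added example that is not Datacoral's own code: a Python script using the standard ipaddress module that reports which peer VPC ranges a candidate block overlaps and picks the first free /18 from an address pool. The peer CIDR list and the 10.0.0.0/8 pool are constructed sample values; replace them with the ranges of the VPCs you intend to peer with.

```python
import ipaddress

# Constructed sample: CIDR blocks of VPCs you expect to peer with later
# (for example the VPC of an existing Redshift cluster).
PEER_CIDRS = ["10.0.0.0/16", "10.1.0.0/16", "172.31.0.0/16"]


def overlapping(candidate, existing):
    """Return the blocks in `existing` that overlap `candidate`.

    ip_network() raises ValueError for a malformed block or one with host
    bits set (e.g. 10.0.1.0/18), so typos are caught before they reach AWS.
    """
    cand = ipaddress.ip_network(candidate)
    return [c for c in existing if cand.overlaps(ipaddress.ip_network(c))]


def first_free_block(pool, existing, prefix=18):
    """Return the first /prefix subnet of `pool` that overlaps nothing in
    `existing`, or None when the pool is exhausted."""
    taken = [ipaddress.ip_network(c) for c in existing]
    for subnet in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(subnet.overlaps(t) for t in taken):
            return str(subnet)
    return None


def address_count(cidr):
    """Number of addresses in the block (a /18 holds 16384)."""
    return ipaddress.ip_network(cidr).num_addresses


if __name__ == "__main__":
    candidate = "10.1.64.0/18"
    clashes = overlapping(candidate, PEER_CIDRS)
    if clashes:
        print(f"{candidate} overlaps {clashes}; peering would be refused")
    choice = first_free_block("10.0.0.0/8", PEER_CIDRS)
    print(f"first free /18: {choice} ({address_count(choice)} addresses)")
```

Run the check again whenever the list of VPCs you may peer with grows, since the block chosen for the Datacoral VPC is fixed once the installation exists.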